Original release date: September 16, 2021
The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The FBI, CISA, and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability. The exploitation of this vulnerability poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software.
CISA strongly encourages users and administrators to review Joint FBI-CISA-CGCYBER CSA: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus and immediately implement the recommended mitigations, which include updating to ManageEngine ADSelfService Plus build 6114.
This product is provided subject to this Notification and this Privacy & Use policy.
Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor…
CISA released one Industrial Control Systems (ICS) advisory on October 22, 2024. These advisories provide…
Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled…
CISA released four Industrial Control Systems (ICS) advisories on October 24, 2024. These advisories provide…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of…
Today, CISA—along with U.S. and international partners—released joint guidance, Safe Software Deployment: How Software Manufacturers…
This website uses cookies.